Digital Designs

Tuesday, November 9, 2010

November is a fairly light month for Microsoft patches, with 3 security bulletins addressing a total of 11 vulnerabilities. A critical vulnerability affects Microsoft Office when handling RTF (Rich Text Format) files in Word. The Outlook fixes address the issue of the preview pane automatically displaying the contents of file attachments. The other bulletins cover issues with PowerPoint and Forefront Unified Access Gateway (UAG).

However, the 0day vulnerability in IE6 & IE7 is not addressed. This vulnerability involves an issue with the browser’s token parsing of user-defined CSS (Cascading Style Sheets). It is recommended to upgrade to IE8, where DEP (Data Execution Prevention) is on by default. The vulnerability exists in IE8, but DEP prevents it from actually being exploited. Users should also be able to manually turn on DEP in IE6 & IE7, and there are other workarounds available from Microsoft here: http://support.microsoft.com/kb/2458511

A total of 5 vulnerabilities exist in both the Windows and Mac OS X versions of Microsoft Office. These vulnerabilities include a buffer overflow attack that utilizes the processing of RTF documents.
